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(57) Abstract: A method and device/terminal are disclosed for the positive identification ofan individual which finds particular use 
for the secure purchasing of goods orservices over a visual medium such as television, the Internet and EFTPOSsystems. The termi- 
nal is a point-of-sale terminal (6) wWch includes akeyboard (7), a screen (8). a fingerprint reader (9), a smart card readerassembly 
(10) and a printhead assembly incorporated within the card readerassembly (10). The operating software of the terminal (6) includes 
code todeciypt encrypted information read from the smart card (4). An individualwishing to undertake a secure financial o^nsaction 
first obtains a smart cardC4) whidi incorporates encrypted biometric data and financial data of ihatindividual. At the poini of intended 
purchase, the card (4) is placed in thereader assembly (10) of the terminal (6). The account details and encryptedbiometric data ane 
read by the terminal (6). The appropriate fingerprint of theindividual is then taken at the fingerprint reader (9) of the terminal (C) 
fix)mwhich the encryption key is determined. The encrypted fingerprint data readfimm the card (4) is then decrypted using the en- 
cryption key just determinedand the thus-decoded fingerprint dala from the card (4) is compared with thefingetprint data obtained at 
the terminal (6). If the thus-read fingerprint data isidentica] with thai decoded from the card (4), identifjcation is deemed posiliveand 
the financial transaction proceeds. 
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TITLE: SECURE BIOWIETRIC LOOP 

THIS INVENTION relates to the provision of a secure method for the positive 
Identification of an individual, particularly, but not exclusively, as a means for 
the authenticgition of a purchase of goods or services or for cash withdrawals 
I over a telecommunication medium. The invention finds particular, but not 
exclusive, use as a means for secure purchasing of goods or services over a 
visual medium such as television or other visual display medium or the Internet 
or as part of an EFTPOS system (electronic funds transfer at point of sale). 
However, the invention is not to be regarded as limited to such applications. 

The advertising of goods and services over media such as television and the 
Intemet is now commonplace. With television advertising, the public can often 
purchase the goods or services so-advertised over the. telephone using a 
I credit card facility. With the Intemet now well known as an electronic medium 
and powertui communications tool the seamless system (World Wide Web) 
linking information on different computers, the general public can readily 
access the Intemet for a wide variety of purposes, including to order numerous 
consumer goods and/or services online. Once again, payment for these goods 
and/or services is often by a credit card facility. Yet again, payment of goods 
at their point of sale by credit or debit cards (EFTPOS) is now common in the 
marketplace. 

A significant disadvantage of telecommunication purchasing is that it does not 
provide positive identification of individuals which is important for preventing 
unauthorized access to bank account or credit card details by a person wishing 
to purchase goods or services firauduientiy. 

Possibly the most common method of positive identification before a sale is 
authorized over a telecommunication medium is the use of a code specific for 
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a particular account. These codes, often numeric but can be alphabetical or 
alphanumeric, are known as PIN numbers (Personal Identification Number) 
and are used in combination with the particular account number. However, as 
PIN and account numbers are not dependent on any cross-checking to ensure 
that they are being quoted over the telecommunication medium by the true 
proprietor of that PIN number and its associated credit caid or bank account, 
this type of secure transaction is not too difficult to circumvent. 

In particular, in current systems utilizing such a magnetic strip credit or debit 
card, both the user's account identification and PIN number are stored on the 
card. While this data Is encoded, the card can be easily duplicated and then 
used fraudulently in at least two ways: 

1 . If the fraudulent user holds the card,, a transaction can be completed, 
without a signature or PIN number, by several methods including over 
the telephone and the Internet using the card number, card name and 
expiry date. 

2. If the firaudulent user knows me PIN number, then a substitute card can 
, be usbd in ATM's, EFTPOS temrtinate, etc : , . 

These firaudulent transactions create liability for both the issuing authority - 
which may be a bank building society or other financial institution - and the 
qardhplder leading to subsequent disputes between the two parties. 

Positive identification of an individual is also important for preventing 
unauthorized access to, or passage from, selected locations or facilities such 
as international destinations, bank vaults and other restricted areas which 
include secure buildings, jails, airport terminals, etc. 
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However, this positive identification of an individual can lead to delays for 
travellers crossing international borders as officials attempt to confirm the 
identity of the individual by, for example, manual interrogation, comparison of 
visual features with photographs in passports, or comparing names with lists 
of restricted individuals who may be banned fifom entering or leaving a 
II particular country. 

I . 

I 

One prior art solution proposed for these particular problems is to adopt 
,, methodologies relying on a physical attribute of the individual. Such 
methodologies, commonly refen-ed to as biometric techniques, include 
fingerprint analysis, thermograms and DNA analysis. These methodologies 
are considered less vulnerable to mistaken identity, 

One such method Includes comparing the biometric data on a caitl proffered 
, by an individual to a previously created database of biometric data of 
authorized individuals. However, this system can still be foiled by individuals 
who have obtained a biometric card from its rightful owner. Alternatively, a 
fraudulent user of the card may partially duplicate the card, retaining any credit 
details but substituting his/her own biometric data for that of the rightful owner 
of the card. Further, the data obtained from the individual Isusually compared 
to a vast remote databank of such information which is usually difficult and/or 
slow to locate and access. 

The presently available methods to overcome the above discussed 
disadvantages can conveniently be summarized as possession of a passport, 
knowledge of a password, possession of a restricted article such as a pass 
key, and biometric techniques comparing data on a card by an individual to a 
remote databank of such information. 
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However, such security methods are readily circumvented and do not provide 
satisfactory methods for the positive and expedient identification of an 
individual. 

It is thus a general object of the present invention to overcome, or at least 
ameliorate, one or more of the above problems and/or disadvantages. 

According to a first aspect of the present invention, there Is provided a method 
for the positive identification of an individual, said method including: 

providing a unique description for said individual, said unique description 
Including biometric data of said individual; 

encrypting said unique description with an encryption key, said 
encryption key detemilned from said biometric data; 

providing Identification means adapted for carriage with said individual, 
said identification means containing said unique description; 

providing a reading means to obt^'n verification biometric data fi-om a 
person offering said identification means; 

detenmlnlng an encryption key firom said verification biometric data; 

using said encryption key firom said verification biometric data to decrypt 
said biometric data included in said unique description; and 

comparing said verification biometric data with said thus decrypted 
biometric data; 
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wherein identification of said person is deemed positive if said 
verification biometric data from said person is identical with said 
biometric data of said individual included In said unique description. 

< Preferably, said encryption key Is detemriined firom only a part of said biometric 
I data. I 

i - 

Preiferably. said biometric data Is a fingerprint analysis. 

' ' ' ' . 

i Preferably, said identification means is a card of the type capable of holding 

' information in a machinenneadable form. 

iVs . . ■ . ■ ■ 

Optionally, after said reading means has obtained said verification biometric 
data from said person and said person has been Initially positively identified, 
, said verification biometric data is transmitted to a remote databank for further 
comparison with biometric data held In said databank. 

In one embodiment of the present invention, said individual attends a point of 
, issue for said identification means, such as a bank, where normal identification 
procedures for banking or credit card facilities must be met before said 
identification means is issued. 

According to a secorid aspect of the present invention, there is provided a 
device for use in a method for the ppsitive identification of an individual as 
hereinbefore described, said device Including: 

a facility to obtain said verification biometric data from a person offering 
said identification means; 

reading means to read said Identification means; 
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decoding means to obtain blometric data from said identification means; 
. and 

comparison means to compare said biometric data with said verification 
biometric data. 

Preferably, said facility IS a fingerprint reader. . 

5 Preferably, said reading means is a smart card reader assembly. 

Preferably, said reading means is, or is incorporated as part of, a computer, 
mobile telephone, EFTPOS terminal, ATM, or similar terminal. 

. in those embodiments where said reading means is Incorporated into a mobile 
telephone, said identification means is incorporated into the SIM card of the 
10 mobile telephone. 

Optionally, said device will allow a maximum of three consecutive attempts to 
obtain said verification biometric data and compare with said biometric data 
induded wlthin^ said identification means. If positive identification does not 
ocoir within those three attempts, ttie identification is deemed negative. 

15 In a third aspect of the present invention, there is provided a method for a 
secure tiBnsfer of data over a telecommunication medium, said method 
including: 

providing a transmission means to transmit said data from a person 
desirous of undertaking a transaction to a party requiring to verify said 
20 data in order to validate said data before said transaction can be 

undertaken; and 
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providing a validation means to ensure that said person is authorized to 
undertal<e said transaction; 

'( 

wherein said transaction is authorized upon positive identification of said 
person detenmined by the method for positive identification as 
. I hereinbefore desoibed. 

\' ■ ■ ' 

; Preiferabiy, said data is financial data of said pereon. 

i'' ■ • 

\.- Preferably, said transmission means includes a terminal remote from said 
i..^ party whereby said person can supply said data to said party and which 
includes a cellular telephone or wireless data transmission linl«. 

Thus, according to a fourth aspect of the present invention, there is provided 
j a terminal for use in a method for a secure transfer of data as hereinbefore 
described, said terminal induding: 

transmission means to transmit identification details relevant to said 
, person to said party; and 

a facility for said person to provide verification biometric data of said 
person with said identification details. 

Preferably, said transmission means further includes a credit or.debit card slot 
assembly. 

Preferably, said facility includes: 

procuring means to obtain said verification biometric data from an 
individual offering said identification means; 
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reading means to read said Identification means; 

decoding means to obtain biometricdata from said Identification means; 

comparison means to compare said blometric data with said verification 
blometric data; and 

authentication means to authenticate said transfer of data. 

Preferabiyi said procuring means is a fingerprint reader. 

Preferably, said reading means is a smart card slot assembly wherein said 
smart card contains said biometric data. 

More preferably, said facility further Includes a printout means to produce a 
hard copy for recording details of said transfer of data. 

In one embodiment of this aspect of the present invention, said printout means 
is a printer either integral with, or separate from, said facility. 

In another embodiment of this aspect of the present invention, said printout 
means is located within said smart card slot assembly. A print head 
assembly, which may be of a mechanical, themial, laser or inkjettype, prints 
a receipt when the receipt is entered (or withdrawn) from the slot assembly 
subsequent to the completion of the transfer of data and removal of the smart 
card from the slot assembly, A sensor of either optical or magnetic type 
detects the presence of the Inserted blank receipt and activates the printing 
process. 
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Preferably, said receipt Is a single, duplicate or triplicate receipt in the form of 
a "tear off pad". 

More preferably, said receipt is a multiple copy receipt of comparable size to 
a credit or debit card. 

I ' • . . . • 

I Most preferably, said recelpf is in triplicate. 

A preferred embodiment of the present inverition will now be described with 
reference to the accompanying drawings, wherein: • 

FIG. 1 is a diagrammatic simplistic representation of a terminal which 
Incorporates the present invention for the positive identification of an 
individual wishing to underteke a financial transaction over that terminal; 

FIG. 2a is a top plan view schematic representation of the terminal of. 
tiie present invention; and 

FIG. 2b is a top edge view schematic representation of the terminal of 
FIG. 2a. 

With refererice to FIG. 1, there is a central processing unit (1) connected to a 
cellular telecommunications network (2). A fingerprint reader (3) is connected 
to a smart card (4) issuing temiinal (5) which can communicate with the 
networit (2). It will be appreciated by those skilled in the art that each of these 
components are known and their interconnection possible by any suitable 
means known in the art. A transaction terminal (6), placed at a merchant's 
place of business, is also in communication with the networi^ (2). As illustrated 
In FIGS. 2a & b, the temiinal (6) Includes a keyboard (7) to enter details of a 
transaction, a screen (8) to display the thus-entered details, a fingerprint 
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reader (9), a smart card reader assembly (1 0) and a printhead assembly (not 
illustrated) incorporated within the card reader assembly (1 0). The operating 
software of the terminal (6) includes code to deaypt encrypted information 
read firom the smart card (4). Once again, it will be appreciated by those 
skilled in the art that each component of the terminal (6) is known and 
5 interconnection of the various components can be undertaken by known 
methods. 

An individual wishing to undertake a secure financial transaction using a 
machine-readable card first obtains a card which incorporates encrypted 
biometric and financial data of that individual. This is achieved by presenting 

1 0 him- or herself to an institution such as a bank which issues machine-readable 
"smart* cards. As is usual when applying for a credit or debit card at such an 
institution, the Individual must first provide positive Identification which meets 
the requiremente of the institution before proceeding. Once assigned a smart 
card, biometric data, in particular, fingerprint data, of the individual is taken at 

15 the Institution using any suitable fingerprint reader known in the art. Although 
not essential, data can be taken from two fingerprints to minimize any 
subsequent false rejection that may occur when the present invention is in use 
at a merchant's place of business. The scanned Image of the fingerpnnt(s), 
which is represented by a mathematical representation of the ridge pattern, is 

20 then compressed and encrypted using any appropriate encryption algorithm 
known In the art of financial transactions to ensure that it can only be read or 
compared by first decrypting the data. This encrypted biometric data and the 
financial details of the Individual are stored In the memory of the smart card. 

To undertake a secure purchase using this card (4), at the point of intended 
25 purchase, the card (4) is placed In the reader assembly (10) of the terminal (6) 
whereby the value of the Uansaction is enter by the merchant using the 
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keyboard (7). The value of the purchase is disptayed on the visual display 
screen (8). The account details and encrypted biometric data are also read by 
the tennlnal (6). The appropriate fingerprint of the individual Is then taken at 
the fingerprint reader (9) of the tennlnal (6) from which the encryption key is 
detemiined. The enciypted fingerprint data read from the card (4) is then 
decrypted using the encryption key just detennlned and the thus-decoded 
fingerprint data from the card (4) is compared with the fingerprint data obtained 
at the tenninal (6); if the thus-read fingerprint data Is identical with that 
decoded from the card (4), identification is deemed positive and the financial 
transaction proceeds. If the comparison is dieemed negative, the customer re- 
presents the finger, or aitennative finger if two sudi fingerprints have been 
stored on the card (4), for a second scan whereby the comparison process 
described above is repeated. Although this procedure could be repeated 
several times, in practice, it Is expected that the temninal (6) will be set to allow 
only a maximum of three consecutive attempts to obtain the verification 
biometric data and compare with the biometric data included within the smart 
card (4). If validation does not occur within those three attempts, the 
identification is deemed negative. 

Upon a positive transaction, a receipt is inserted in the reader/printer slot (1 0) 
and the details of the transaction are recorded on the receipt. Details of the 
transaction are. also transmitted to the central processing facilities (1) for 
record purposes. 

Although in no way limiting, this embodiment is particulariy suitable for point of 
sale purchasing of goods or services in all markets. The terminal can be a 
self-contained stand-alone unit, or used in cooperation with a palmtop, laptop 
or desktop computer or any other unit which includes a visual display unit. 
Further, the terminal can utilise any convenient telecommunication network, 
and can be. any combination of cellular, satellite, microwave or hard wire 
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telephone or other communication network although, preferably, the terminal 
will be a wireless communication device incorporating the ftinctionafity and 
convenience of a mobile cellular telephone. 

Also, th4 secure transfer features of the present invention can fc»e attached to 
existing .ATM machines (Automatic Teller Machines) thus increasing the 
security of withdrawals therefrom. 

By using the present invention, a number of advantages are obtainable 
induding: 

As verification of the identity of the person offering the identification 
means can be undertaken without accessing a remote database, this 
verification can be undertaken quickly and in significantly less time than 
the 20 to 30 seconds required by present means vwhere a central 
database has to be accessed. 

Fraudulent use of a credit or debit card can be eliminated. Although a 
partial duplicate of smart card data can be made keeping the credit data, 
replacing blometric data of the true owner of the card with that of the 
fraudulent user is insufficient to create a valid card as the encryption key 
is different being based on the original blometric data. 

Tlius the present invention, with its use of an encryption key based on 
biometric data of the person originally issued with a credit or debit card or other 
machine-readable identification means, prevents card fraud or other false 
identification with a high level of security, ease of use and application. 

It will be appreciated that the above described embodiments are only 
exemplification of the various aspects of the present invention and that 
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modifications and alterations can be made thereto witliout departing from the 
inventive concept as defined in the following claims. 
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CLAIMS 

, .. 1. A method for the positive identification of an individual, said method 
induding: 

I 

I I 

.,1 I providing a unique description for said individual, said unique 

^/ . description including biometric data of said individual; 

5 \ encrypting said unique description with an encryption key, said 

^_ encryption key determined from said biometric data; 

j ' ' 

providing identification means adapted for carriage with said 
\ indiyidual, said identification means containing said unique 

description; 



10. providing a reading means to obtain verification biometric data , 

from a person offering said identification means; 

, detem^ining an encryption key from said verification biometric 

data; 

using said encryption key from said verification biometric data to 
15 decrypt said biometric data Included in said unique description; 

and 

comparing said verification biometric data witii said thus 
dearypted biometric data; 



20 



wherein identification of said person is deemed positive if said 
verification biome^c data from said person is identical witii said 
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biometric data of said, individual included in said unique 
description. 

2. A metiiod as defined in Claim 1, wherein said encryption l<ey is 
determined from only a part of said biometric data. 

3. A method as defined in Claim 1 or Claim. 2, wherein said biometric data 
is a fingerprint analysis. 

4. A method as defined in any one of Cliaims 1 to 3, wrfierein said 
identification means ife a card of the type capable of holding infonnation 
in a machine-readable form. 

5. A method as defined in any one of Claims 1 to 4, wherein after said 
reading means has obtained said verification biometric data firom said 
person and person has been initially positively identified, said verification 
biometric data is transmitted to a remote databank for further 
comparison with biornetric data held in said databank. 

6. A device for use in a method for the positive identification of an 
. individual as defined in any one of Claims 1 to 5, said device including; 

a facility to obtain said verification biometric data from a person 
offering said identification means; 

reading means to read said Identification means; 

decoding means to obtain biometric data from said identification 
means; and 



wo 01/90962 



PCT/AUOl/00453 



16 



comparison means to compare said biometric data with said 
verification biometric data. 



7. A device as defined in Claim 6, wherein said facility is a fingerprint 



, 9. A device as defined in any one of Claims 6 to 8, wherein said reading 



means is, or is incorporated as part of, a computer, mobile telephone, 
EFTPOS terminal, ATM, or similar tenminai. 



10. A device as defined in Claim 9 wherein said reading means is, or is 
incorporated as part of, a mobile telephone. 



11. A device as defined in Claim 10, wherein said identifjcation means is 
incorporated into the SIM card of said mobile telephone. 



12. A metiiod for a secure transfer of data over a telecommunication 
medium, said method induding: 

providing a transmission means to transmit said data from a person 
desirous of undertaking a transaction to a party requiring to verify said 
data in order to validate said data before said transaction can be 
undertaken; and 



reader. 




A device as defined in Claim 6 or Claim 7, wherein said reading means 
is a smart card reader assembly. 



providing a validation means to ensure that said pereon is auOiorized to 
undertake said transaction; 
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wherein said transaction is authorized upon positive identification of said 
person detennined by ttie method for positive Identification as defined 
in any one of Claims 1 to 6. 

1 3. A method as defined In Claim 1 2, wherein said data is financial data of 
said person. 

14. A method as defined in Claim 12 orClaim 13, wherein said transmission 
means includes a terminal remote from said party whereby said person 
can supply said data to said party and which includes a cellular 
telephone or wireless data transmission link. 

15. A terminal for use in a method for a secure transfor of data as defined 
in any one of Claims 1 2 to14, said terminal Including: 

transmission means to transmit identification details relevant to 
said person to said party; and 

a fadiity for said person to provide verification biometric data of 
■ said person witti said identification details. 

16. A terminal as defined in Claim 15, wherein said tiransmission means 
further includes a credit or debit card slot assembly. 

17. A temiinal as defined in Claim 15 or Clam 16, wherein said facility 
includes: 



procuring means to obtain said verification biometric data ftx>m an 
individual offering said identification means; 
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reading means to read said identification means; 

i 

decoding means to obtain biometric data from said identification 
means; 

I . . 

, comparison means , to compare said biometric data witii ssud 
' verification biometric data; and 

authentication means to authenticate said transfer of data. 

18. A terminal as defined in Claim 17, wherein said procuring means is a 
fingerprint reader. 

19. A terminal as defined in Claim 17 or Claim 18, wherein said reading 
means is a slot assembly for a smart: card wherein said smart card 
contains said biometric data. 

20. A terminal as defined in any one of Claims 1 5 to 1 9, wherein said facility 
further includes a printout means to produce a hard copy for recording 
details of said transfer of data. 

21. A terminal as defined in Claim 20, wherein said printout means is a 
printer either integrat with, or separate from, said facility. 

22. A tenninal as defined in Claim 20 or Claim 21, wherein said printout 
means is located within said slot assembly for said smart card- 

23. A terminal as defined in Claim 22, wherein said printout means prints a 
receipt when said receipt is entered into said slot assembly subsequent 
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to the completion of the transfer of data and removal of said smart card 
from said slot assembly. 

24. A terminal as defined In Claim 22, wherein said printout means prints a 
receipt when said receipt is removed from said slot assembly 
subsequent to the completion of the fransfer of data and removal of said 

5 smart card from said slot assembly. 

25. A terminal as defined in Claim 23 or Claim 24, wherein said receipt is a 
single, duplicate or triplicate receipt in the form of a "tear off' pad. 

26. A temiinal as defined in any one of Claims 23 to 25, wherein said receipt 
is of comparable size to a credit or debit card. 
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